\hypertarget{class_c_i___security}{\section{C\-I\-\_\-\-Security Class Reference}
\label{class_c_i___security}\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}}
}
\subsection*{Public Member Functions}
\begin{DoxyCompactItemize}
\item 
\hyperlink{class_c_i___security_a095c5d389db211932136b53f25f39685}{\-\_\-\-\_\-construct} ()
\item 
\hyperlink{class_c_i___security_a03c037268db0c2e6221b65a736eaee07}{csrf\-\_\-verify} ()
\item 
\hyperlink{class_c_i___security_a55b1380b93b71ab3d9873bb967c2b9bb}{csrf\-\_\-set\-\_\-cookie} ()
\item 
\hyperlink{class_c_i___security_a3d09c1dc706abfaad987661805c28a06}{csrf\-\_\-show\-\_\-error} ()
\item 
\hyperlink{class_c_i___security_a1644fd8967db3a1b94988d730ca34991}{get\-\_\-csrf\-\_\-hash} ()
\item 
\hyperlink{class_c_i___security_a00640f51b90b7d946e9d3a4f0c9f628e}{get\-\_\-csrf\-\_\-token\-\_\-name} ()
\item 
\hyperlink{class_c_i___security_acb759426dbab128d3d8164805225381c}{xss\-\_\-clean} (\$str, \$is\-\_\-image=F\-A\-L\-S\-E)
\item 
\hyperlink{class_c_i___security_ae2f831d3f277e1c03730b28fd1734186}{xss\-\_\-hash} ()
\item 
\hyperlink{class_c_i___security_a07306fa600cc7b6de1aa512ba6462975}{entity\-\_\-decode} (\$str, \$charset='U\-T\-F-\/8')
\item 
\hyperlink{class_c_i___security_aaba16489285496bdc03fd12f699a08f6}{sanitize\-\_\-filename} (\$str, \$relative\-\_\-path=F\-A\-L\-S\-E)
\end{DoxyCompactItemize}
\subsection*{Protected Member Functions}
\begin{DoxyCompactItemize}
\item 
\hyperlink{class_c_i___security_adfb0e251ae35ae40303a302d253c3ab2}{\-\_\-compact\-\_\-exploded\-\_\-words} (\$matches)
\item 
\hyperlink{class_c_i___security_a37c160ddffea957e9eb03dbfd3471a78}{\-\_\-remove\-\_\-evil\-\_\-attributes} (\$str, \$is\-\_\-image)
\item 
\hyperlink{class_c_i___security_af67689597607833df370031fb799c92b}{\-\_\-sanitize\-\_\-naughty\-\_\-html} (\$matches)
\item 
\hyperlink{class_c_i___security_a6b1744acaf85e05c65ab17242dea4f06}{\-\_\-js\-\_\-link\-\_\-removal} (\$match)
\item 
\hyperlink{class_c_i___security_a5c5e91dc8e3df0174e4e074dd375a8db}{\-\_\-js\-\_\-img\-\_\-removal} (\$match)
\item 
\hyperlink{class_c_i___security_ae16451bcdc769285c499cbf8068b3523}{\-\_\-convert\-\_\-attribute} (\$match)
\item 
\hyperlink{class_c_i___security_aa385a9c7527f5eece656b9cac73979d3}{\-\_\-filter\-\_\-attributes} (\$str)
\item 
\hyperlink{class_c_i___security_a5289832cb3ae9cee3c12e82ede958874}{\-\_\-decode\-\_\-entity} (\$match)
\item 
\hyperlink{class_c_i___security_a31b2c9ae75f39b9b38fe05c494bb0f79}{\-\_\-validate\-\_\-entities} (\$str)
\item 
\hyperlink{class_c_i___security_a61217e43f888cdf8afb1fba16b5cd9f6}{\-\_\-do\-\_\-never\-\_\-allowed} (\$str)
\item 
\hyperlink{class_c_i___security_a7064dd5501c1dfab05ba6ac8838beb01}{\-\_\-csrf\-\_\-set\-\_\-hash} ()
\end{DoxyCompactItemize}
\subsection*{Protected Attributes}
\begin{DoxyCompactItemize}
\item 
\hyperlink{class_c_i___security_aca426a0e87199bfa36c7401a1d06a419}{\$\-\_\-xss\-\_\-hash} = ''
\item 
\hyperlink{class_c_i___security_a8bf24cc529f04164ac20d892ce20d721}{\$\-\_\-csrf\-\_\-hash} = ''
\item 
\hyperlink{class_c_i___security_af86a83f20de2a3c522bf690d4080c08e}{\$\-\_\-csrf\-\_\-expire} = 7200
\item 
\hyperlink{class_c_i___security_a6752ebca4be235c079785a87a693d932}{\$\-\_\-csrf\-\_\-token\-\_\-name} = 'ci\-\_\-csrf\-\_\-token'
\item 
\hyperlink{class_c_i___security_a52043f2c9ffb0e14eade8e67a0172a82}{\$\-\_\-csrf\-\_\-cookie\-\_\-name} = 'ci\-\_\-csrf\-\_\-token'
\item 
\hyperlink{class_c_i___security_ab883fab930a1c4a926eaa501ab211823}{\$\-\_\-never\-\_\-allowed\-\_\-str}
\item 
\hyperlink{class_c_i___security_ac502ee17d09eb8bbd70a6fb1f9515503}{\$\-\_\-never\-\_\-allowed\-\_\-regex}
\end{DoxyCompactItemize}


\subsection{Constructor \& Destructor Documentation}
\hypertarget{class_c_i___security_a095c5d389db211932136b53f25f39685}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-\-\_\-construct@{\-\_\-\-\_\-construct}}
\index{\-\_\-\-\_\-construct@{\-\_\-\-\_\-construct}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-\-\_\-construct}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-\-\_\-construct} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_a095c5d389db211932136b53f25f39685}
Constructor 

\subsection{Member Function Documentation}
\hypertarget{class_c_i___security_adfb0e251ae35ae40303a302d253c3ab2}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-compact\-\_\-exploded\-\_\-words@{\-\_\-compact\-\_\-exploded\-\_\-words}}
\index{\-\_\-compact\-\_\-exploded\-\_\-words@{\-\_\-compact\-\_\-exploded\-\_\-words}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-compact\-\_\-exploded\-\_\-words}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-compact\-\_\-exploded\-\_\-words} (
\begin{DoxyParamCaption}
\item[{\$}]{matches}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_adfb0e251ae35ae40303a302d253c3ab2}
Compact Exploded Words

Callback function for \hyperlink{class_c_i___security_acb759426dbab128d3d8164805225381c}{xss\-\_\-clean()} to remove whitespace from things like j a v a s c r i p t


\begin{DoxyParams}{Parameters}
{\em type} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
type 
\end{DoxyReturn}
\hypertarget{class_c_i___security_ae16451bcdc769285c499cbf8068b3523}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-convert\-\_\-attribute@{\-\_\-convert\-\_\-attribute}}
\index{\-\_\-convert\-\_\-attribute@{\-\_\-convert\-\_\-attribute}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-convert\-\_\-attribute}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-convert\-\_\-attribute} (
\begin{DoxyParamCaption}
\item[{\$}]{match}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_ae16451bcdc769285c499cbf8068b3523}
Attribute Conversion

Used as a callback for X\-S\-S Clean


\begin{DoxyParams}{Parameters}
{\em array} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a7064dd5501c1dfab05ba6ac8838beb01}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-csrf\-\_\-set\-\_\-hash@{\-\_\-csrf\-\_\-set\-\_\-hash}}
\index{\-\_\-csrf\-\_\-set\-\_\-hash@{\-\_\-csrf\-\_\-set\-\_\-hash}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-csrf\-\_\-set\-\_\-hash}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-csrf\-\_\-set\-\_\-hash} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a7064dd5501c1dfab05ba6ac8838beb01}
Set Cross Site Request Forgery Protection Hash

\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a5289832cb3ae9cee3c12e82ede958874}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-decode\-\_\-entity@{\-\_\-decode\-\_\-entity}}
\index{\-\_\-decode\-\_\-entity@{\-\_\-decode\-\_\-entity}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-decode\-\_\-entity}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-decode\-\_\-entity} (
\begin{DoxyParamCaption}
\item[{\$}]{match}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a5289832cb3ae9cee3c12e82ede958874}
H\-T\-M\-L Entity Decode Callback

Used as a callback for X\-S\-S Clean


\begin{DoxyParams}{Parameters}
{\em array} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a61217e43f888cdf8afb1fba16b5cd9f6}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-do\-\_\-never\-\_\-allowed@{\-\_\-do\-\_\-never\-\_\-allowed}}
\index{\-\_\-do\-\_\-never\-\_\-allowed@{\-\_\-do\-\_\-never\-\_\-allowed}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-do\-\_\-never\-\_\-allowed}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-do\-\_\-never\-\_\-allowed} (
\begin{DoxyParamCaption}
\item[{\$}]{str}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a61217e43f888cdf8afb1fba16b5cd9f6}
Do Never Allowed

A utility function for \hyperlink{class_c_i___security_acb759426dbab128d3d8164805225381c}{xss\-\_\-clean()}


\begin{DoxyParams}{Parameters}
{\em string} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_aa385a9c7527f5eece656b9cac73979d3}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-filter\-\_\-attributes@{\-\_\-filter\-\_\-attributes}}
\index{\-\_\-filter\-\_\-attributes@{\-\_\-filter\-\_\-attributes}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-filter\-\_\-attributes}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-filter\-\_\-attributes} (
\begin{DoxyParamCaption}
\item[{\$}]{str}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_aa385a9c7527f5eece656b9cac73979d3}
Filter Attributes

Filters tag attributes for consistency and safety


\begin{DoxyParams}{Parameters}
{\em string} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a5c5e91dc8e3df0174e4e074dd375a8db}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-js\-\_\-img\-\_\-removal@{\-\_\-js\-\_\-img\-\_\-removal}}
\index{\-\_\-js\-\_\-img\-\_\-removal@{\-\_\-js\-\_\-img\-\_\-removal}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-js\-\_\-img\-\_\-removal}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-js\-\_\-img\-\_\-removal} (
\begin{DoxyParamCaption}
\item[{\$}]{match}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a5c5e91dc8e3df0174e4e074dd375a8db}
J\-S Image Removal

Callback function for \hyperlink{class_c_i___security_acb759426dbab128d3d8164805225381c}{xss\-\_\-clean()} to sanitize image tags. This limits the P\-C\-R\-E backtracks, making it more performance friendly, and prevents P\-R\-E\-G\-\_\-\-B\-A\-C\-K\-T\-R\-A\-C\-K\-\_\-\-L\-I\-M\-I\-T\-\_\-\-E\-R\-R\-O\-R from being triggered in P\-H\-P 5.\-2+ on image-\/tag-\/heavy strings.


\begin{DoxyParams}{Parameters}
{\em array} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a6b1744acaf85e05c65ab17242dea4f06}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-js\-\_\-link\-\_\-removal@{\-\_\-js\-\_\-link\-\_\-removal}}
\index{\-\_\-js\-\_\-link\-\_\-removal@{\-\_\-js\-\_\-link\-\_\-removal}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-js\-\_\-link\-\_\-removal}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-js\-\_\-link\-\_\-removal} (
\begin{DoxyParamCaption}
\item[{\$}]{match}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a6b1744acaf85e05c65ab17242dea4f06}
J\-S Link Removal

Callback function for \hyperlink{class_c_i___security_acb759426dbab128d3d8164805225381c}{xss\-\_\-clean()} to sanitize links. This limits the P\-C\-R\-E backtracks, making it more performance friendly, and prevents P\-R\-E\-G\-\_\-\-B\-A\-C\-K\-T\-R\-A\-C\-K\-\_\-\-L\-I\-M\-I\-T\-\_\-\-E\-R\-R\-O\-R from being triggered in P\-H\-P 5.\-2+ on link-\/heavy strings.


\begin{DoxyParams}{Parameters}
{\em array} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a37c160ddffea957e9eb03dbfd3471a78}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-remove\-\_\-evil\-\_\-attributes@{\-\_\-remove\-\_\-evil\-\_\-attributes}}
\index{\-\_\-remove\-\_\-evil\-\_\-attributes@{\-\_\-remove\-\_\-evil\-\_\-attributes}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-remove\-\_\-evil\-\_\-attributes}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-remove\-\_\-evil\-\_\-attributes} (
\begin{DoxyParamCaption}
\item[{\$}]{str, }
\item[{\$}]{is\-\_\-image}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a37c160ddffea957e9eb03dbfd3471a78}
\hypertarget{class_c_i___security_af67689597607833df370031fb799c92b}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-sanitize\-\_\-naughty\-\_\-html@{\-\_\-sanitize\-\_\-naughty\-\_\-html}}
\index{\-\_\-sanitize\-\_\-naughty\-\_\-html@{\-\_\-sanitize\-\_\-naughty\-\_\-html}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-sanitize\-\_\-naughty\-\_\-html}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-sanitize\-\_\-naughty\-\_\-html} (
\begin{DoxyParamCaption}
\item[{\$}]{matches}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_af67689597607833df370031fb799c92b}
Sanitize Naughty H\-T\-M\-L

Callback function for \hyperlink{class_c_i___security_acb759426dbab128d3d8164805225381c}{xss\-\_\-clean()} to remove naughty H\-T\-M\-L elements


\begin{DoxyParams}{Parameters}
{\em array} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a31b2c9ae75f39b9b38fe05c494bb0f79}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\-\_\-validate\-\_\-entities@{\-\_\-validate\-\_\-entities}}
\index{\-\_\-validate\-\_\-entities@{\-\_\-validate\-\_\-entities}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\-\_\-validate\-\_\-entities}]{\setlength{\rightskip}{0pt plus 5cm}{\bf \-\_\-validate\-\_\-entities} (
\begin{DoxyParamCaption}
\item[{\$}]{str}
\end{DoxyParamCaption}
)\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a31b2c9ae75f39b9b38fe05c494bb0f79}
Validate U\-R\-L entities

Called by \hyperlink{class_c_i___security_acb759426dbab128d3d8164805225381c}{xss\-\_\-clean()}


\begin{DoxyParams}{Parameters}
{\em string} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a55b1380b93b71ab3d9873bb967c2b9bb}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!csrf\-\_\-set\-\_\-cookie@{csrf\-\_\-set\-\_\-cookie}}
\index{csrf\-\_\-set\-\_\-cookie@{csrf\-\_\-set\-\_\-cookie}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{csrf\-\_\-set\-\_\-cookie}]{\setlength{\rightskip}{0pt plus 5cm}{\bf csrf\-\_\-set\-\_\-cookie} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_a55b1380b93b71ab3d9873bb967c2b9bb}
Set Cross Site Request Forgery Protection Cookie

\begin{DoxyReturn}{Returns}
object 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a3d09c1dc706abfaad987661805c28a06}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!csrf\-\_\-show\-\_\-error@{csrf\-\_\-show\-\_\-error}}
\index{csrf\-\_\-show\-\_\-error@{csrf\-\_\-show\-\_\-error}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{csrf\-\_\-show\-\_\-error}]{\setlength{\rightskip}{0pt plus 5cm}{\bf csrf\-\_\-show\-\_\-error} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_a3d09c1dc706abfaad987661805c28a06}
Show C\-S\-R\-F \hyperlink{class_error}{Error}

\begin{DoxyReturn}{Returns}
void 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a03c037268db0c2e6221b65a736eaee07}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!csrf\-\_\-verify@{csrf\-\_\-verify}}
\index{csrf\-\_\-verify@{csrf\-\_\-verify}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{csrf\-\_\-verify}]{\setlength{\rightskip}{0pt plus 5cm}{\bf csrf\-\_\-verify} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_a03c037268db0c2e6221b65a736eaee07}
Verify Cross Site Request Forgery Protection

\begin{DoxyReturn}{Returns}
object 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a07306fa600cc7b6de1aa512ba6462975}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!entity\-\_\-decode@{entity\-\_\-decode}}
\index{entity\-\_\-decode@{entity\-\_\-decode}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{entity\-\_\-decode}]{\setlength{\rightskip}{0pt plus 5cm}{\bf entity\-\_\-decode} (
\begin{DoxyParamCaption}
\item[{\$}]{str, }
\item[{\$}]{charset = {\ttfamily 'UTF-\/8'}}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_a07306fa600cc7b6de1aa512ba6462975}
H\-T\-M\-L Entities Decode

This function is a replacement for html\-\_\-entity\-\_\-decode()

The reason we are not using html\-\_\-entity\-\_\-decode() by itself is that, while it is not technically correct to leave out the semicolon at the end of an entity, most browsers will still interpret the entity correctly. html\-\_\-entity\-\_\-decode() does not convert entities without semicolons, so input the browser would still decode would reach the filter undecoded; we are left with our own little solution here. Bummer.


\begin{DoxyParams}{Parameters}
{\em string} & \\
\hline
{\em string} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a1644fd8967db3a1b94988d730ca34991}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!get\-\_\-csrf\-\_\-hash@{get\-\_\-csrf\-\_\-hash}}
\index{get\-\_\-csrf\-\_\-hash@{get\-\_\-csrf\-\_\-hash}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{get\-\_\-csrf\-\_\-hash}]{\setlength{\rightskip}{0pt plus 5cm}{\bf get\-\_\-csrf\-\_\-hash} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_a1644fd8967db3a1b94988d730ca34991}
Get C\-S\-R\-F Hash

Getter Method

\begin{DoxyReturn}{Returns}
string self\-::\-\_\-csrf\-\_\-hash 
\end{DoxyReturn}
\hypertarget{class_c_i___security_a00640f51b90b7d946e9d3a4f0c9f628e}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!get\-\_\-csrf\-\_\-token\-\_\-name@{get\-\_\-csrf\-\_\-token\-\_\-name}}
\index{get\-\_\-csrf\-\_\-token\-\_\-name@{get\-\_\-csrf\-\_\-token\-\_\-name}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{get\-\_\-csrf\-\_\-token\-\_\-name}]{\setlength{\rightskip}{0pt plus 5cm}{\bf get\-\_\-csrf\-\_\-token\-\_\-name} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_a00640f51b90b7d946e9d3a4f0c9f628e}
Get C\-S\-R\-F Token Name

Getter Method

\begin{DoxyReturn}{Returns}
string self\-::\-\_\-csrf\-\_\-token\-\_\-name 
\end{DoxyReturn}
\hypertarget{class_c_i___security_aaba16489285496bdc03fd12f699a08f6}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!sanitize\-\_\-filename@{sanitize\-\_\-filename}}
\index{sanitize\-\_\-filename@{sanitize\-\_\-filename}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{sanitize\-\_\-filename}]{\setlength{\rightskip}{0pt plus 5cm}{\bf sanitize\-\_\-filename} (
\begin{DoxyParamCaption}
\item[{\$}]{str, }
\item[{\$}]{relative\-\_\-path = {\ttfamily FALSE}}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_aaba16489285496bdc03fd12f699a08f6}
Filename Security


\begin{DoxyParams}{Parameters}
{\em string} & \\
\hline
{\em bool} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_acb759426dbab128d3d8164805225381c}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!xss\-\_\-clean@{xss\-\_\-clean}}
\index{xss\-\_\-clean@{xss\-\_\-clean}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{xss\-\_\-clean}]{\setlength{\rightskip}{0pt plus 5cm}{\bf xss\-\_\-clean} (
\begin{DoxyParamCaption}
\item[{\$}]{str, }
\item[{\$}]{is\-\_\-image = {\ttfamily FALSE}}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_acb759426dbab128d3d8164805225381c}
X\-S\-S Clean

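Sanitizes data so that Cross Site Scripting Hacks can be prevented. This function does a fair amount of work but it is extremely thorough, designed to prevent even the most obscure X\-S\-S attempts. Nothing is ever 100\% foolproof, of course, but I haven't been able to get anything past the filter. Because the filter works by removing patterns it recognises as bad, treat it as one layer of defence and still escape output for the context in which it is displayed.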

Note\-: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing.

This function was based in part on some code and ideas I got from Bitflux\-: \href{http://channel.bitflux.ch/wiki/XSS_Prevention}{\tt http\-://channel.\-bitflux.\-ch/wiki/\-X\-S\-S\-\_\-\-Prevention}

To help develop this script I used this great list of vulnerabilities along with a few other hacks I've harvested from examining vulnerabilities in other programs\-: \href{http://ha.ckers.org/xss.html}{\tt http\-://ha.\-ckers.\-org/xss.\-html}


\begin{DoxyParams}{Parameters}
{\em mixed} & string or array \\
\hline
{\em bool} & \\
\hline
\end{DoxyParams}
\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}
\hypertarget{class_c_i___security_ae2f831d3f277e1c03730b28fd1734186}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!xss\-\_\-hash@{xss\-\_\-hash}}
\index{xss\-\_\-hash@{xss\-\_\-hash}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{xss\-\_\-hash}]{\setlength{\rightskip}{0pt plus 5cm}{\bf xss\-\_\-hash} (
\begin{DoxyParamCaption}
{}
\end{DoxyParamCaption}
)}}\label{class_c_i___security_ae2f831d3f277e1c03730b28fd1734186}
Random Hash for protecting U\-R\-Ls

\begin{DoxyReturn}{Returns}
string 
\end{DoxyReturn}


\subsection{Field Documentation}
\hypertarget{class_c_i___security_a52043f2c9ffb0e14eade8e67a0172a82}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\$\-\_\-csrf\-\_\-cookie\-\_\-name@{\$\-\_\-csrf\-\_\-cookie\-\_\-name}}
\index{\$\-\_\-csrf\-\_\-cookie\-\_\-name@{\$\-\_\-csrf\-\_\-cookie\-\_\-name}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\$\-\_\-csrf\-\_\-cookie\-\_\-name}]{\setlength{\rightskip}{0pt plus 5cm}\$\-\_\-csrf\-\_\-cookie\-\_\-name = 'ci\-\_\-csrf\-\_\-token'\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a52043f2c9ffb0e14eade8e67a0172a82}
\hypertarget{class_c_i___security_af86a83f20de2a3c522bf690d4080c08e}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\$\-\_\-csrf\-\_\-expire@{\$\-\_\-csrf\-\_\-expire}}
\index{\$\-\_\-csrf\-\_\-expire@{\$\-\_\-csrf\-\_\-expire}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\$\-\_\-csrf\-\_\-expire}]{\setlength{\rightskip}{0pt plus 5cm}\$\-\_\-csrf\-\_\-expire = 7200\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_af86a83f20de2a3c522bf690d4080c08e}
\hypertarget{class_c_i___security_a8bf24cc529f04164ac20d892ce20d721}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\$\-\_\-csrf\-\_\-hash@{\$\-\_\-csrf\-\_\-hash}}
\index{\$\-\_\-csrf\-\_\-hash@{\$\-\_\-csrf\-\_\-hash}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\$\-\_\-csrf\-\_\-hash}]{\setlength{\rightskip}{0pt plus 5cm}\$\-\_\-csrf\-\_\-hash = ''\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a8bf24cc529f04164ac20d892ce20d721}
\hypertarget{class_c_i___security_a6752ebca4be235c079785a87a693d932}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\$\-\_\-csrf\-\_\-token\-\_\-name@{\$\-\_\-csrf\-\_\-token\-\_\-name}}
\index{\$\-\_\-csrf\-\_\-token\-\_\-name@{\$\-\_\-csrf\-\_\-token\-\_\-name}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\$\-\_\-csrf\-\_\-token\-\_\-name}]{\setlength{\rightskip}{0pt plus 5cm}\$\-\_\-csrf\-\_\-token\-\_\-name = 'ci\-\_\-csrf\-\_\-token'\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_a6752ebca4be235c079785a87a693d932}
\hypertarget{class_c_i___security_ac502ee17d09eb8bbd70a6fb1f9515503}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\$\-\_\-never\-\_\-allowed\-\_\-regex@{\$\-\_\-never\-\_\-allowed\-\_\-regex}}
\index{\$\-\_\-never\-\_\-allowed\-\_\-regex@{\$\-\_\-never\-\_\-allowed\-\_\-regex}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\$\-\_\-never\-\_\-allowed\-\_\-regex}]{\setlength{\rightskip}{0pt plus 5cm}\$\-\_\-never\-\_\-allowed\-\_\-regex\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_ac502ee17d09eb8bbd70a6fb1f9515503}
{\bfseries Initial value\-:}
\begin{DoxyCode}
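 array(
        // Regular-expression fragment (left) => replacement text (right).
        // Every pattern listed here maps to the same marker, '[removed]'.
        // NOTE(review): presumably applied while cleaning input for XSS; confirm in Security.php.
        // NOTE(review): a deny-list covers only the patterns listed; output still needs context-aware escaping.
        "javascript\s*:"            => '[removed]',
        "expression\s*(\(|&\#40;)"  => '[removed]',
        "vbscript\s*:"              => '[removed]',
        "Redirect\s+302"            => '[removed]'
        )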
\end{DoxyCode}
\hypertarget{class_c_i___security_ab883fab930a1c4a926eaa501ab211823}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\$\-\_\-never\-\_\-allowed\-\_\-str@{\$\-\_\-never\-\_\-allowed\-\_\-str}}
\index{\$\-\_\-never\-\_\-allowed\-\_\-str@{\$\-\_\-never\-\_\-allowed\-\_\-str}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\$\-\_\-never\-\_\-allowed\-\_\-str}]{\setlength{\rightskip}{0pt plus 5cm}\$\-\_\-never\-\_\-allowed\-\_\-str\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_ab883fab930a1c4a926eaa501ab211823}
{\bfseries Initial value\-:}
\begin{DoxyCode}
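 array(
        // Literal substring (left) => replacement text (right).
        // The script-related strings map to the marker '[removed]'.
        'document.cookie'   => '[removed]',
        'document.write'    => '[removed]',
        '.parentNode'       => '[removed]',
        '.innerHTML'        => '[removed]',
        'window.location'   => '[removed]',
        '-moz-binding'      => '[removed]',
        // The comment and CDATA delimiters map to entity-encoded text rather than the marker.
        '<!--'              => '&lt;!--',
        '-->'               => '--&gt;',
        '<![CDATA['         => '&lt;![CDATA[',
        '<comment>'         => '&lt;comment&gt;'
        // NOTE(review): a deny-list covers only the strings listed; output still needs context-aware escaping.
        )
\end{DoxyCode}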
\hypertarget{class_c_i___security_aca426a0e87199bfa36c7401a1d06a419}{\index{C\-I\-\_\-\-Security@{C\-I\-\_\-\-Security}!\$\-\_\-xss\-\_\-hash@{\$\-\_\-xss\-\_\-hash}}
\index{\$\-\_\-xss\-\_\-hash@{\$\-\_\-xss\-\_\-hash}!CI_Security@{C\-I\-\_\-\-Security}}
\subsubsection[{\$\-\_\-xss\-\_\-hash}]{\setlength{\rightskip}{0pt plus 5cm}\$\-\_\-xss\-\_\-hash = ''\hspace{0.3cm}{\ttfamily  \mbox{[}protected\mbox{]}}}}\label{class_c_i___security_aca426a0e87199bfa36c7401a1d06a419}


The documentation for this class was generated from the following file\-:\begin{DoxyCompactItemize}
\item 
/\-Applications/\-M\-A\-M\-P/htdocs/\-Workspace/blp2.\-0/system/core/\hyperlink{_security_8php}{Security.\-php}\end{DoxyCompactItemize}
